﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web;
using System.Web.Http.Controllers;

namespace API.Core.AuthorizeAttribute
{
    public class EdexAuthorizeAttribute : System.Web.Http.AuthorizeAttribute
    {
        public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            if (!Authenticate(actionContext))
                HandleUnauthorizedRequest(actionContext);
        }


        protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {
            //var challengeMessage = new System.Net.Http.HttpResponseMessage(HttpStatusCode.Unauthorized)
            //{
            //    Content = new System.Net.Http.StringContent("API key is invalid"),
            //    ReasonPhrase = "API key is invalid"
            //};

            //throw new System.Web.Http.HttpResponseException(challengeMessage);

            //actionContext.Response = new HttpResponseMessage()
            //{
            //    StatusCode = HttpStatusCode.Unauthorized,
            //    RequestMessage = actionContext.ControllerContext.Request
            //};

            base.HandleUnauthorizedRequest(actionContext);

            var response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
            response.Content = new System.Net.Http.StringContent("Api key is not valid");
            actionContext.Response = response;
        }


        private bool Authenticate(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            var api_key = System.Web.HttpContext.Current.Request["api_key"];

            /*
            if (String.IsNullOrEmpty(api_key))
            {
                var inputStreamString = new System.IO.StreamReader(System.Web.HttpContext.Current.Request.InputStream).ReadToEnd();
                var inputStreamObject = Newtonsoft.Json.JsonConvert.DeserializeObject<EdexAuthorize>(inputStreamString);

                if (inputStreamObject != null)
                    api_key = inputStreamObject.api_key;
            }
            */

            if (String.IsNullOrEmpty(api_key))
                return false;

            var sessionRepository = new API.Models.Repository.SEC_SESSIONS_Repository();
            var session = sessionRepository.GetSession(api_key);

            if (session == null)
                return false;

            actionContext.ControllerContext.RouteData.Values["session"] = session;
            actionContext.ActionArguments.Add("api_key", api_key);

            return true;
        }

        private class EdexAuthorize
        {
            public string api_key { get; set; }
        }
    }

    /*
    public class ValidatePermissionAttribute : System.Web.Mvc.AuthorizeAttribute
    {
        public override void OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext)
        {
            base.OnAuthorization(filterContext);
        }

        protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
        {
            var api_key = System.Web.HttpContext.Current.Request["api_key"];
            var user = System.Web.HttpContext.Current.Request["user"];
            var pass = System.Web.HttpContext.Current.Request["pass"];

            if (api_key == null)
            {
                return false;
            }

            return true;
        }

        protected override void HandleUnauthorizedRequest(System.Web.Mvc.AuthorizationContext filterContext)
        {
            base.HandleUnauthorizedRequest(filterContext);
        }

        protected override System.Web.HttpValidationStatus OnCacheAuthorization(System.Web.HttpContextBase httpContext)
        {
            return base.OnCacheAuthorization(httpContext);
        }
    }*/
}